CVE-2025-43877 MEDIUM

CVE-2025-43877

Vendor Elecom Co.,Ltd.

Product WRC-1167GHBK2-S

Weakness CWE-79 · XSS

Published June 24, 2025

Last update June 25, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.

Key dates

02Disclosure timeline

June 24, 2025 CVE published

June 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-43877 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-45607 WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS) CVE-2023-26456 CVE-2024-37919 WordPress Timeline Module for Beaver Builder plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-40286 WeGIA has Cross-Site Scripting in Controle de Contribuição CVE-2024-30439 WordPress Limit Attempts by BestWebSoft plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability